From f68607508380a176aa612c1928ee0a5acb635624 Mon Sep 17 00:00:00 2001 From: Gary Wilson Jr Date: Sun, 3 Jan 2010 18:07:11 +0000 Subject: [PATCH] [1.1.X] Fixed #12445 -- Added ' (single quote), @ (at sign), and ~ (tilde) to safe characters in `iri_to_uri` function. Backport of r12066 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@12067 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/utils/encoding.py | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/django/utils/encoding.py b/django/utils/encoding.py index 335f1a1551..66e6ebdd76 100644 --- a/django/utils/encoding.py +++ b/django/utils/encoding.py @@ -131,12 +131,21 @@ def iri_to_uri(iri): Returns an ASCII string containing the encoded result. """ - # The list of safe characters here is constructed from the printable ASCII - # characters that are not explicitly excluded by the list at the end of - # section 3.1 of RFC 3987. + # The list of safe characters here is constructed from the "reserved" and + # "unreserved" characters specified in sections 2.2 and 2.3 of RFC 3986: + # reserved = gen-delims / sub-delims + # gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@" + # sub-delims = "!" / "$" / "&" / "'" / "(" / ")" + # / "*" / "+" / "," / ";" / "=" + # unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" + # Of the unreserved characters, urllib.quote already considers all but + # the ~ safe. + # The % character is also added to the list of safe characters here, as the + # end of section 3.1 of RFC 3987 specifically mentions that % must not be + # converted. if iri is None: return iri - return urllib.quote(smart_str(iri), safe='/#%[]=:;$&()+,!?*') + return urllib.quote(smart_str(iri), safe="/#%[]=:;$&()+,!?*@'~") # The encoding of the default system locale but falls back to the